We use our nginx error logs to monitor our system closely. Recently, we've been hit with a lot of requests with malicious intent, and thus have blocked their IPs using a "deny " directive. This has worked as expected, but unfortunately, our error logs are still flooded with "error" with "access forbidden by rule...." messages.

Why is a successful denial being logged as an error? I would expect that this is correct behaviour, and thus should not be logged as an error.

In any event, is their any way to suppress 403 denied messages from the error log without bumping up the logging level? We don't want to change the log level, as the "upstream timed out" error is also at level "error" and is something we really want to keep an eye on.